Splunk searches, monitors, and analyzes machine-generated big data via a web interface and can generate graphs, reports, alerts, dashboards, and visualizations.
The Splunk service includes:
- Direct access to search your logs
- Ability to onboard logs from Amazon Web Services (AWS) and Google Cloud Platform (GCP), as well as on-premise servers
- All software licenses and annual maintenance, server hardware, and storage
- 18 months of log retention
- 6 months of log backup
- System administration support for the servers and storage
- Periodic log volume reports and alerts
Contact your University IT support team to learn how to access your logs.
Stanford University and hospitals, SLAC
Any server containing Moderate or High Risk Data, as defined by the Information Security Office, must have the operating system logs sent to Splunk. If you set up a new server that will manage Moderate or High risk data, submit a Help request to have the server setup to use Splunk.
Service subscription and a valid PTA in Oracle Financials.
The Splunk service may be used with logging information generated by Low, Moderate, or High Risk systems as defined by the Stanford University Information Security Office, but do not send High Risk Data to Splunk.
- For systems managed by University IT, Splunk is included at no additional fee.
- For systems not managed by University IT, Splunk is available for a monthly fee based on the average GB of logs ingested per day during the previous 30 days (see Rates).
To begin using Splunk, submit a Help request.
After the Splunk Solutions team has setup your servers to access Splunk, follow the instructions below to install and use Splunk.
- Windows servers:
- Install NextGen Splunk Universal Forwarder - Windows Servers (Restricted Access)
- Upgrade Windows Forwarder to Version 7.2.1 (Restricted Access)
- Linux servers:
- Install NextGen Splunk Universal Forwarder - Linux Servers (Restricted Access)
- Upgrade Linux Forwarder to Version 7.2.1 (Restricted Access)
- For logs on devices, appliances, and cloud-based applications where Splunk Universal Forwarder cannot be installed:
- Onboard Logs via the Splunk syslog Service (Restricted Access)
Submit the appropriate Help request: